This has slipped by me, so I figured I'd post it here.
No real reason to upgrade from 3.7p1 or a patched 3.6.1p2; this release seems to be just a ports bugfix. No openssh-3.7p1 vulnerabilities reported so far, but I haven't checked all documents. Will try to port it today on my Origin.

> 3.8p1 added the following to main() in sshd.c:
>
> #ifndef HAVE_CYGWIN
> /* Clear environment */
> environ[0] = NULL;
> #endif
>
> This breaks the getenv("TZ") in session.c and causes logins to occur in
> GMT time. It also causes any sshd syslog messages to be written in GMT
> time. I'm on SCO Openserver 5.0.7, but this looks like it should affect
> all platforms. Am I missing something? I haven't seen it reported
> before.

That was an attempt to fix issues with certain authentication types on AIX, but it causes other problems, as you found. The change has been backed out, and an alternative fix for the AIX issues has been implemented. (Both will be in the next release, and are in the snapshots now).

Not a security release, but in addition to the specific fixes above there are a number of other bug fixes. I built a tardist and uploaded to the Nekoware beta directory, though it may only work on 6.5.22 and up.
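
The TZ breakage reported in the quoted message above, reproduced as an added example (not OpenSSH code and not from any poster in this thread). The save-and-restore variant is only an illustration of keeping an allowlisted variable across the clear, not the fix the developers implemented; the zone `EST5`, the variable `SAMPLE_UNTRUSTED` and all function names are constructed.

```c
#define _POSIX_C_SOURCE 200809L
#include <stdlib.h>
#include <string.h>
#include <time.h>

extern char **environ;

/* UTC offset in seconds that localtime() applies to one fixed instant. */
static long utc_offset(void)
{
    time_t t = 1000000000;      /* constructed: 2001-09-09 01:46:40 UTC */
    struct tm lt, gt;
    tzset();                    /* re-read TZ from the environment */
    localtime_r(&t, &lt);
    gmtime_r(&t, &gt);
    return (lt.tm_yday - gt.tm_yday) * 86400L
         + (lt.tm_hour - gt.tm_hour) * 3600L + (lt.tm_min - gt.tm_min) * 60L;
}

/* The quoted sshd.c line: returns 1 if getenv("TZ") still works afterwards. */
static int tz_survives_plain_clear(void)
{
    setenv("TZ", "EST5", 1);    /* constructed zone: UTC-5, no DST */
    environ[0] = NULL;
    return getenv("TZ") != NULL;
}

/* Same clear, but one allowlisted variable is saved and put back. */
static void clear_env_keep(const char *name)
{
    char *saved = getenv(name) ? strdup(getenv(name)) : NULL;
    if (environ != NULL)
        environ[0] = NULL;
    if (saved != NULL) {
        setenv(name, saved, 1);
        free(saved);
    }
}

static long offset_with_tz_kept(void)
{
    setenv("TZ", "EST5", 1);
    setenv("SAMPLE_UNTRUSTED", "x", 1);   /* constructed; must not survive */
    clear_env_keep("TZ");
    return utc_offset();
}

int main(void)
{
    return tz_survives_plain_clear() || offset_with_tz_kept() != -18000L;
}
```

After the plain clear, what `localtime()` falls back to depends on the system default zone, so the example checks only that `TZ` is no longer visible rather than asserting a GMT offset.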